Thomas M Steenholdt skrev den 2015-03-11 18:38:
if its blocked where is the problem then ?
What I meant was; Files that should otherwise have been blocked, are
let
through.
so far so good
Let me try to get a log snippet...
+1
first step if possible try foxhole signatures in clamav, did that
solve it ?
ClamAV should not be involved in blocking filetypes, right?
i did not say block, but only detect, then amavisd-new can make better
desision later
you say forwarded, is it forwarded localy or remote forwarded ?
Forwarded in the MUA. E.g. thunderbird, right click e-mail and forward
as attachment. Results in a new e-mail, with an .eml file attached.
This
.eml file is a complete mail including .zip, .exe, .scr, .whatnot.
ClamAV actually scans the .eml file and finds infected files. Problem
is
when a new outbreak occur, stuff like .scr and .exe files are let
through this way (before ClamAV's signature detects it's infected).
thats why i say foxhole signature
is the malware detected if you ripmime emails that contains it ?
In that case, the individual attachments (inside the .eml attchment) is
found just fine. The problem is with the .eml file not being processed
properly.
yes this is a feature of amavisd-new not a problem in clamav with
foxhole sigs
i have more silly questions if it helps :=)
Bring 'em on :-)
how old are you ?
